Alert GCSA-10075 - Vulnerabilita' multiple nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10075
Data : 23 Giugno 2010
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, evitare restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.4
Mozilla Firefox versioni precedenti alla 3.5.10
Mozilla Thunderbird versioni precedenti alla 3.0.5
Mozilla SeaMonkey versioni precedenti alla 2.0.5
:: Impatto
Esecuzione remota di codice arbitrario
Compromissione del sistema
Security Bypass
Esecuzione di attacchi di tipo cross site scripting
Possibilita' di condurre attacchi di tipo phishing
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.4, 3.5.10 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.0.5 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.5 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
VuPen:
http://www.vupen.com/english/advisories/2010/1551
Secunia:
http://secunia.com/advisories/40309/
http://secunia.com/advisories/40323/
http://secunia.com/advisories/40326/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTCIilfOB+SpikaiRAQIXoQP+MjJi5W2hGuiOaEDennmwDw3XCwgT8lja
fbDuUFvKotUHPkMPuVHWlKLuhIaaOV303T6bINyB0tiIRI3QasGckr74q8mcBnQX
dRp8+8VDboLPc9AsawU2+40ZFrjV1aC94x+f6ff/ZeJFfwUBxQAFuCRaaSEiMduA
B15e91BzihM=
=vtnl
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10075
Data : 23 Giugno 2010
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, evitare restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.4
Mozilla Firefox versioni precedenti alla 3.5.10
Mozilla Thunderbird versioni precedenti alla 3.0.5
Mozilla SeaMonkey versioni precedenti alla 2.0.5
:: Impatto
Esecuzione remota di codice arbitrario
Compromissione del sistema
Security Bypass
Esecuzione di attacchi di tipo cross site scripting
Possibilita' di condurre attacchi di tipo phishing
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.4, 3.5.10 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.0.5 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.5 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
VuPen:
http://www.vupen.com/english/advisories/2010/1551
Secunia:
http://secunia.com/advisories/40309/
http://secunia.com/advisories/40323/
http://secunia.com/advisories/40326/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTCIilfOB+SpikaiRAQIXoQP+MjJi5W2hGuiOaEDennmwDw3XCwgT8lja
fbDuUFvKotUHPkMPuVHWlKLuhIaaOV303T6bINyB0tiIRI3QasGckr74q8mcBnQX
dRp8+8VDboLPc9AsawU2+40ZFrjV1aC94x+f6ff/ZeJFfwUBxQAFuCRaaSEiMduA
B15e91BzihM=
=vtnl
-----END PGP SIGNATURE-----